Remove users ability to invoke machine policy refreshID: oval:org.secpod.oval:def:19601 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Remove users ability to invoke machine policy refresh machine setting should be configured correctly.
This setting allows you to control a user's ability to invoke a computer policy refresh. If you enable this setting, users may not invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs. If you disable or do not configure this setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Group Policy\Remove users ability to invoke machine policy refresh
(2) KEY: HKLM\Software\Policies\Microsoft\Windows\System\DenyUsersFromMachGP
Platform: |
Microsoft Windows Server 2008 R2 |